Understanding "Key Type" option in the Provisioning Settings.


What is the difference between the Key Type "created by device" and "created by server" in the ClearPass OnBoard >> Provisioning Settings.




The option "created by device" will use SCEP to provision the EAP-TLS client certificate. The certificate signing request will be generated in the device and get it signed against OnBoard CA , so the private key is known only to the device. When you use the option"created by device", re-provisioning a client will generate new certificate every time.


When you select the option "created by server", the ClearPass server itself will generate and sign the EAP-TLS client certificate and install it on the device during the provisioning process. Re-provisioning a client will re-use the existing client certificate of the same user/device, if the existing certificate expiration is more than 25% of its lifetime.



Version history
Revision #:
2 of 2
Last update:
‎09-01-2016 10:08 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: